<?php
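require_once 'db.php';

// Session bootstrap. The cookie flags are set before session_start() so they
// apply to the cookie this request issues:
//  - use_strict_mode rejects session ids the server never issued, which is the
//    server-side half of session-fixation protection (login()/register()
//    rotate the id as the other half);
//  - cookie_httponly keeps the id out of reach of script code;
//  - cookie_samesite=Lax stops the browser attaching it to most cross-site
//    requests (ignored silently on PHP < 7.3, where the ini key is unknown);
//  - cookie_secure is only set when this request itself came over TLS, so
//    plain-HTTP development setups keep working.
if (session_status() === PHP_SESSION_NONE) {
    ini_set('session.use_strict_mode', '1');
    ini_set('session.cookie_httponly', '1');
    ini_set('session.cookie_samesite', 'Lax');
    if (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') {
        ini_set('session.cookie_secure', '1');
    }
    // Guarded so including this file twice, or from code that already started
    // a session, does not raise "session already active".
    session_start();
}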
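/**
 * Register a new user and log them in.
 *
 * @param string               $username Desired username; stored lowercased.
 * @param string               $email    Must pass FILTER_VALIDATE_EMAIL.
 * @param string               $password At least 8 bytes; stored as a password_hash() digest.
 * @param array<string, mixed> $honeypot Hidden form fields ('website', 'fullname');
 *                                       a non-empty value marks the submission as automated.
 * @return array{success: bool, message?: string, error?: string}
 */
function register($username, $email, $password, $honeypot = []) {
    $db = getDB();

    // Honeypot fields are never shown to humans, so any content means a bot.
    // The error text is deliberately generic so the bot learns nothing.
    if (!empty($honeypot['website']) || !empty($honeypot['fullname'])) {
        return ['success' => false, 'error' => 'Invalid submission'];
    }

    // Coerce first so a missing form field (null) reads as an empty string.
    $username = (string) $username;
    $email = (string) $email;
    $password = (string) $password;

    // Compare against '' rather than empty(): a literal "0" is a real value.
    if ($username === '' || $email === '' || $password === '') {
        return ['success' => false, 'error' => 'All fields are required'];
    }
    if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
        return ['success' => false, 'error' => 'Invalid email address'];
    }
    // Byte length is intentional: password_hash() also operates on bytes.
    if (strlen($password) < 8) {
        return ['success' => false, 'error' => 'Password must be at least 8 characters'];
    }

    // Store the lowercased form so the LOWER(username) lookup in login() matches.
    $username = strtolower($username);

    // Pre-check gives a precise message in the common case; the INSERT below
    // remains the authoritative guard if another request inserts concurrently.
    $checkStmt = $db->prepare('SELECT id FROM users WHERE LOWER(username) = :username');
    $checkStmt->bindValue(':username', $username, SQLITE3_TEXT);
    $checkResult = $checkStmt->execute();
    if ($checkResult !== false && $checkResult->fetchArray(SQLITE3_ASSOC)) {
        return ['success' => false, 'error' => 'Username already exists'];
    }

    $passwordHash = password_hash($password, PASSWORD_DEFAULT);
    $apiToken = generateApiToken();

    $stmt = $db->prepare('INSERT INTO users (username, email, password_hash, api_token) VALUES (:username, :email, :password_hash, :api_token)');
    $stmt->bindValue(':username', $username, SQLITE3_TEXT);
    $stmt->bindValue(':email', $email, SQLITE3_TEXT);
    $stmt->bindValue(':password_hash', $passwordHash, SQLITE3_TEXT);
    $stmt->bindValue(':api_token', $apiToken, SQLITE3_TEXT);

    try {
        // SQLite3Stmt::execute() returns false instead of throwing unless the
        // connection enabled exceptions; a false result was previously treated
        // as success and the user was "logged in" with a bogus row id.
        if ($stmt->execute() === false) {
            return ['success' => false, 'error' => 'Username or email already exists'];
        }
        $userId = $db->lastInsertRowID();
    } catch (Exception $e) {
        return ['success' => false, 'error' => 'Username or email already exists'];
    }

    // Auto-login. Rotate the session id first so a pre-authentication id is
    // never promoted to an authenticated one (session fixation).
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_regenerate_id(true);
    }
    $_SESSION['user_id'] = $userId;
    $_SESSION['username'] = $username;
    return ['success' => true, 'message' => 'Registration successful'];
}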
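/**
 * Authenticate a username/password pair and bind the user to the session.
 *
 * @param string $username Compared case-insensitively.
 * @param string $password Checked with password_verify() against the stored hash.
 * @return array{success: bool, message?: string, error?: string}
 */
function login($username, $password) {
    $db = getDB();

    // Same normalisation as register(), so the LOWER(username) lookup matches.
    $username = strtolower((string) $username);
    $password = (string) $password;

    $stmt = $db->prepare('SELECT id, username, password_hash FROM users WHERE LOWER(username) = :username');
    $stmt->bindValue(':username', $username, SQLITE3_TEXT);
    $result = $stmt->execute();
    $user = $result !== false ? $result->fetchArray(SQLITE3_ASSOC) : false;

    if ($user) {
        $authenticated = password_verify($password, $user['password_hash']);
    } else {
        // Burn roughly the same hashing cost for an unknown username so the
        // response time does not reveal whether the account exists.
        password_hash($password, PASSWORD_DEFAULT);
        $authenticated = false;
    }

    if ($authenticated) {
        // Rotate the id on privilege change so a pre-login session id cannot
        // be reused as an authenticated one (session fixation).
        if (session_status() === PHP_SESSION_ACTIVE) {
            session_regenerate_id(true);
        }
        $_SESSION['user_id'] = $user['id'];
        $_SESSION['username'] = $user['username'];
        return ['success' => true, 'message' => 'Login successful'];
    }

    // One message for both "no such user" and "wrong password" on purpose.
    return ['success' => false, 'error' => 'Invalid username or password'];
}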
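/**
 * End the current session: clear the in-process data, expire the browser's
 * session cookie, and destroy the server-side session.
 *
 * @return array{success: true, message: string}
 */
function logout() {
    // session_destroy() alone leaves $_SESSION populated for the rest of the
    // request, so isLoggedIn() would still answer true after logout.
    $_SESSION = [];

    if (session_status() === PHP_SESSION_ACTIVE) {
        // Expire the cookie so the browser stops presenting the old id.
        if (ini_get('session.use_cookies')) {
            $params = session_get_cookie_params();
            setcookie(
                session_name(),
                '',
                time() - 42000,
                $params['path'],
                $params['domain'],
                $params['secure'],
                $params['httponly']
            );
        }
        session_destroy();
    }

    return ['success' => true, 'message' => 'Logged out'];
}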
/**
 * Whether the current session carries an authenticated user id.
 *
 * @return bool
 */
function isLoggedIn() {
    // Same semantics as isset(): false when the key is absent or null.
    $userId = $_SESSION['user_id'] ?? null;
    return $userId !== null;
}
/**
 * Id of the logged-in user, or null when nobody is logged in.
 *
 * @return mixed Whatever login()/register() stored under user_id (a row id), or null.
 */
function getCurrentUserId() {
    if (isset($_SESSION['user_id'])) {
        return $_SESSION['user_id'];
    }
    return null;
}